Author Topic: Why not flagged by Sucuri's for malware?

Offline polonus

Why not flagged by Sucuri's for malware?
« on: January 29, 2020, 02:51:40 PM »
Re: https://urlhaus.abuse.ch/url/301372/  emotet epoch1 detection...
See: https://sitecheck.sucuri.net/results/https/new.butcherbox.ca
directory: https://sitecheck.sucuri.net/results/https/new.butcherbox.ca
WordPress outdated plug-in -> header-footer-elementor 1.1.4, latest release (1.2.2)
https://github.com/

Not flagged here either: Reputation Check PASSED
Google Safe Browse: OK
Spamhaus Check: OK
Abuse CC: OK
Dshield Blocklist: OK

Confirmed: https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=bnt3LmJ1dF5oe31iXXguXnw%3D~enc
Cisco Talos Blacklist: OK
Web Server: nginx
X-Powered-By: None
IP Address: -35.203.98.50
Hosting Provider: Google LLC
Shared Hosting: 500 sites found on -35.203.98.50

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

Re: Why not flagged by Sucuri's for malware?
« Reply #1 on: January 29, 2020, 06:05:52 PM »
Re: GoogleBot returned code 301 to -https://new.butcherbox.ca/
Google Chrome returned code 301 to -https://new.butcherbox.ca/
returning code 0 on the redirect: https://sitereport.netcraft.com/?url=https%3A%2F%2Fmk0butcherboxx2i4ts7.kinstacdn.com%2Fwp-content%2F
Re: https://searchdns.netcraft.com/?host=*.kinstacdn.com  34 results, producing a 405 Not Allowed
Kinsta CDN on WordPress... example of a malicious domain: https://otx.alienvault.com/indicator/domain/mk0pcnasitegr8fvdtdc.kinstacdn.com
Re: https://www.virustotal.com/gui/domain/mk0pcnasitegr8fvdtdc.kinstacdn.com/details

polonus

Offline Pondus

Re: Why not flagged by Sucuri's for malware?
« Reply #2 on: January 29, 2020, 06:19:19 PM »
Quote: Why not flagged by Sucuri's for malware?
My guess: Sucuri is a website scanner, so it only checks the HTML for suspicious code like JavaScript, PHP, ... and not files.

The URL will serve you a FakeDoc that will download Emotet or ransomware, I suspect... let's see what payload we can find.


« Last Edit: January 30, 2020, 12:15:41 AM by Pondus »

Offline Pondus

« Last Edit: January 29, 2020, 07:00:30 PM by Pondus »

Offline polonus

Re: Why not flagged by Sucuri's for malware?
« Reply #4 on: January 29, 2020, 11:13:03 PM »
Thanks, Pondus, for revealing that. When you do not check, such clever cybercriminals will have you big time.
That is why analytics also needs the right blink of the human eye.  ;)

To me this one was weird from the start, as URLHaus reported it and I saw it being flagged.
So one can never really rely on a single source, whether it is a real find or an FP.

polonus